def top_taxii(request):
    """Serve the TAXII discovery document of this test server.

    Checks run in a fixed order: HTTP method, presence of an Accept header,
    the check_http_accept() verdict, then check_common_authorization().
    The first three failures are answered with status 406 and the body built
    by get_no_accept_json_data(); an authorization failure returns whatever
    response check_common_authorization() produced.

    NOTE(review): authorization is evaluated last, so the 406 responses are
    reachable without credentials.
    """

    def not_acceptable(reason):
        # All pre-authorization rejections in this view share one shape.
        rejection = JsonResponse(
            get_no_accept_json_data(reason),
            safe=False,
            content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
        rejection.status_code = 406
        return rejection

    debug_print('>>>top_taxii enter')

    # Method check: only GET is served.
    debug_print('>>>HTTP method:' + str(request.method))
    if request.method != 'GET':
        return not_acceptable('Invalid HTTP method')

    # Accept check.
    accept_present = 'HTTP_ACCEPT' in request.META
    debug_print('>>>request.META.has_key(HTTP_ACCEPT):' + str(accept_present))
    if not accept_present:
        # Written to stdout directly, unlike the other messages in this view.
        print('>>>no HTTP_ACCEPT')
        return not_acceptable('No Accept')
    # A True result from check_http_accept() is handled as "reject" here.
    if check_http_accept(request) == True:
        debug_print('>>>Invalid Accept')
        return not_acceptable('Invalid Accept')

    # Authentication check: a non-None result is the response to send back.
    auth_failure = check_common_authorization(request)
    if auth_failure is not None:
        return auth_failure

    api_root_url = '%s/%s/' % (TXS_HOST_PORT, API_ROOT_1)
    discovery = {
        'title': 'TAXII Server Under Test',
        'description': 'This is a TAXII Server under test',
        'contact': 'Please contact x-xxx-xxx-xxxx',
        'default': api_root_url,
        'api_roots': [api_root_url],
    }
    return JsonResponse(
        discovery,
        safe=False,
        content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
def top(request):
    """Serve the API-root description (title, versions, max content length).

    Checks run in a fixed order: HTTP method, presence of an Accept header,
    the check_http_accept() verdict, then check_common_authorization().
    The first three failures are answered with status 406 and the body built
    by get_no_accept_json_data(); an authorization failure returns whatever
    response check_common_authorization() produced.

    NOTE(review): authorization is evaluated last, so the 406 responses are
    reachable without credentials.
    """

    def not_acceptable(reason):
        # All pre-authorization rejections in this view share one shape.
        rejection = JsonResponse(
            get_no_accept_json_data(reason),
            safe=False,
            content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
        rejection.status_code = 406
        return rejection

    debug_print('>>>top enter')

    # Method check: only GET is served.
    debug_print('>>>HTTP method:' + str(request.method))
    if request.method != 'GET':
        return not_acceptable('Invalid HTTP method')

    # Accept check.
    accept_present = 'HTTP_ACCEPT' in request.META
    debug_print('>>>request.META.has_key(HTTP_ACCEPT):' + str(accept_present))
    if not accept_present:
        # Written to stdout directly, unlike the other messages in this view.
        print('>>>no HTTP_ACCEPT')
        return not_acceptable('No Accept')
    # A True result from check_http_accept() is handled as "reject" here.
    if check_http_accept(request) == True:
        debug_print('>>>Invalid Accept')
        return not_acceptable('Invalid Accept')

    # Authentication check: a non-None result is the response to send back.
    auth_failure = check_common_authorization(request)
    if auth_failure is not None:
        return auth_failure

    api_root = {
        'title': 'Sharing Group 1',
        'description': 'This sharing group shares intelligence.',
        'versions': ['taxii-2.0'],
        'max_content_length': MAX_CONTENT_LENGTH,
    }
    return JsonResponse(
        api_root,
        safe=False,
        content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
def get_read_collection_content():
    """Return all stored STIX documents of the configured community as a JSON array.

    Every StixFiles record whose input_community equals the module-level
    _community is read in full and parsed with json.loads(); the parsed
    documents are returned in query order with the STIX JSON content type.

    There is no paging or size cap in this function, and a stored file that
    is not valid JSON makes json.loads() raise out of the view.
    """
    debug_print('>>>enter get_read_collection_content')
    documents = []
    matching_files = StixFiles.objects(input_community=_community)
    for stored in matching_files:
        debug_print('>>>stix_file id: ' + str(stored.id))
        documents.append(json.loads(stored.content.read()))
    return JsonResponse(
        documents,
        safe=False,
        content_type=RESPONSE_COMMON_CONTENT_TYPE_STIX_JSON)
def misp_import(request):
    """Hand one package id to MispUploadAdapterControl.upload_misp().

    Only POST is accepted; other methods get HttpResponseNotAllowed.
    The JSON reply is {'status': 'OK'|'NG', 'message': ...}.
    """
    if request.method != 'POST':
        return HttpResponseNotAllowed(['POST'])

    try:
        # A missing 'package_id' raises here and is reported as 'NG' below.
        package_id = request.POST['package_id']
        MispUploadAdapterControl().upload_misp(package_id)
    except Exception as e:
        # NOTE(review): the exception text is returned to the caller as-is;
        # depending on what upload_misp() raises this can expose internal
        # detail. Consider logging it server-side and returning a generic
        # message.
        outcome = {'status': 'NG', 'message': str(e)}
    else:
        outcome = {'status': 'OK', 'message': 'Success'}
    return JsonResponse(outcome)
def publish(request):
    """Push a stored STIX file through a TAXII 1.x or TAXII 2 client.

    Query parameters: stix_id, taxii_id, protocol_version. A protocol
    version starting with '1.' selects a TaxiiClients record, anything else
    a Taxii2Clients record. The JSON reply is
    {'status': 'OK'|'NG', 'message': ...}.

    NOTE(review): this view is driven by GET query parameters yet triggers an
    outbound push, so Django's CSRF protection (which applies to unsafe
    methods) would not cover it; no permission check is visible in this
    function either -- confirm one is applied by a decorator or middleware.
    """
    params = request.GET
    stix_id = params['stix_id']
    taxii_id = params['taxii_id']
    protocol_version = params['protocol_version']

    # These lookups sit outside the try block below, so a missing parameter
    # or an unknown id propagates as an exception rather than an 'NG' reply.
    stix = StixFiles.objects.get(id=stix_id)
    if protocol_version.startswith('1.'):
        client = Client(taxii_client=TaxiiClients.objects.get(id=taxii_id))
    else:
        client = Client(taxii2_client=Taxii2Clients.objects.get(id=taxii_id))

    # Reads the client's private _can_write attribute directly.
    if not client._can_write:
        return JsonResponse(
            {'status': 'NG', 'message': 'This collection is not for publishing.'})

    try:
        outcome = {'status': 'OK', 'message': client.push(stix)}
    except Exception as e:
        # NOTE(review): the exception text is returned to the caller as-is.
        outcome = {'status': 'NG', 'message': str(e)}
    return JsonResponse(outcome)
def publish(request):
    """Push a stored STIX file through the TAXII client selected by taxii_id.

    Query parameters: stix_id, taxii_id. The JSON reply is
    {'status': 'OK'|'NG', 'message': ...}.

    NOTE(review): this view is driven by GET query parameters yet triggers an
    outbound push, so Django's CSRF protection (which applies to unsafe
    methods) would not cover it; no permission check is visible in this
    function either -- confirm one is applied by a decorator or middleware.
    """
    # Fetch the AJAX parameters.
    params = request.GET
    stix_id = params['stix_id']
    taxii_id = params['taxii_id']

    # StixFiles object to publish (push). Looked up outside the try block,
    # so an unknown id propagates as an exception.
    stix = StixFiles.objects.get(id=stix_id)
    # Client used for the publish (push).
    client = Client(taxii_id=taxii_id)

    # Publish.
    try:
        client.push(stix)
    except Exception as e:
        # NOTE(review): the exception text is returned to the caller as-is.
        outcome = {'status': 'NG', 'message': str(e)}
    else:
        outcome = {'status': 'OK', 'message': 'Success'}
    return JsonResponse(outcome)
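def get_table_info(request):
    """Return one page of the STIX file table in the legacy DataTables format.

    Reads iDisplayLength, iDisplayStart, sSearch, sEcho, iSortCol_0 and
    sSortDir_0 from the query string, filters StixFiles by the search term
    (package name/id, version, community name, via/uploader/adapter) and
    returns iTotalRecords, iTotalDisplayRecords, sEcho and aaData as JSON.

    Several cells are HTML fragments assembled here. Package name, package
    id and version come from stored STIX data, so every value interpolated
    into markup is HTML-escaped before it is placed in an attribute or in
    link text; otherwise a crafted value could break out of the attribute.
    """
    # Function-scope import: the module's import block is not visible from
    # this block.
    from django.utils.html import escape

    iDisplayLength = int(request.GET['iDisplayLength'])
    sEcho = request.GET['sEcho']
    iDisplayStart = int(request.GET['iDisplayStart'])
    sSearch = request.GET['sSearch']
    sort_col = int(request.GET['iSortCol_0'])
    sort_dir = request.GET['sSortDir_0']

    # Column index -> sortable field; any other index leaves the order unset.
    order_query = {
        1: 'produced',
        2: 'package_name',
        3: 'package_id',
        4: 'version',
    }.get(sort_col)
    if order_query is not None and sort_dir == 'desc':
        order_query = '-' + order_query

    s_input_communities = Communities.objects.filter(Q(name__icontains=sSearch))
    s_via_choices = Vias.get_search_via_choices(sSearch)
    s_uploaders = [
        uploader.id
        for uploader in STIPUser.objects.filter(
            QQ(screen_name__icontains=sSearch) | QQ(username__icontains=sSearch))
    ]
    s_vias = Vias.objects.filter(
        Q(via__in=s_via_choices) |
        Q(uploader__in=s_uploaders) |
        Q(adapter_name__icontains=sSearch))

    objects = StixFiles.objects.filter(
        Q(package_name__icontains=sSearch) |
        Q(package_id__icontains=sSearch) |
        Q(version__icontains=sSearch) |
        Q(input_community__in=s_input_communities) |
        Q(via__in=s_vias)
    ).order_by(order_query)

    aaData = []
    for d in objects[iDisplayStart:(iDisplayStart + iDisplayLength)]:
        file_id = escape(d.id)
        version = escape(d.version)
        package_id = escape(d.package_id)

        row = []
        row.append('<input type="checkbox" file_id="%s"/ class="delete-checkbox">' % (file_id))
        row.append(d.produced.strftime('%Y/%m/%d %H:%M:%S'))
        # NOTE(review): the plain cells below are passed through unchanged.
        # If the client inserts cell values as HTML they need escaping on the
        # client or here -- confirm against the DataTables column setup.
        row.append(d.package_name)
        row.append(d.package_id)
        row.append(d.version)
        try:
            row.append(d.input_community.name)
        except DoesNotExist:
            # The referenced community no longer exists.
            row.append('<deleted>')
        row.append(d.via.get_via_display())
        row.append(d.via.get_uploader_screen_name())

        # Download links: the stored version is marked "(Original)".
        link_str = ''
        if d.version.startswith('1.'):
            link_str += '<a href="/list/download?id=%s&version=%s">STIX %s (Original)</a><br/>' % (file_id, version, version)
            link_str += '<a href="/list/download?id=%s&version=2.1">STIX 2.1</a>' % (file_id)
        elif d.version == '2.0':
            link_str += '<a href="/list/download?id=%s&version=1.2">STIX 1.2</a><br/>' % (file_id)
            link_str += '<a href="/list/download?id=%s&version=2.0">STIX 2.0 (Original)</a><br/>' % (file_id)
            link_str += '<a href="/list/download?id=%s&version=2.1">STIX 2.1</a>' % (file_id)
        elif d.version == '2.1':
            link_str += '<a href="/list/download?id=%s&version=1.2">STIX 1.2</a><br/>' % (file_id)
            link_str += '<a href="/list/download?id=%s&version=2.1">STIX 2.1 (Original)</a>' % (file_id)
        row.append(link_str)

        # The publish icon is only rendered for admins. This is presentation
        # only; the publish endpoint has to enforce the permission itself.
        if request.user.is_admin:
            row.append('<a><span class="glyphicon glyphicon-share-alt publish-share-alt-icon" data-file-id="%s" data-package-name="%s" data-package-id="%s" title="Publish to.."></span></a>' % (file_id, escape(d.package_name), package_id))
        else:
            row.append('<span class="glyphicon glyphicon-ban-circle" disabled></span>')
        row.append('<a><span class="glyphicon glyphicon-export misp-import-icon" package_id="%s" title="Import into MISP .."></span></a>' % (package_id))
        aaData.append(row)

    resp = {
        'iTotalRecords': StixFiles.objects.count(),
        'iTotalDisplayRecords': objects.count(),
        # Echoed back exactly as received; it is only JSON-encoded here.
        'sEcho': sEcho,
        'aaData': aaData,
    }
    return JsonResponse(resp)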
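def get_table_info(request):
    """Return one page of the STIX file table in the legacy DataTables format.

    Reads iDisplayLength, iDisplayStart, sSearch, sEcho, iSortCol_0 and
    sSortDir_0 from the query string, filters StixFiles by the search term
    (package name/id, version, community name, via/uploader/adapter) and
    returns iTotalRecords, iTotalDisplayRecords, sEcho and aaData as JSON.

    Several cells are HTML fragments assembled here. Package id and version
    come from stored STIX data, so every value interpolated into markup is
    HTML-escaped before it is placed in an attribute or in link text;
    otherwise a crafted value could break out of the attribute.
    """
    # Function-scope import: the module's import block is not visible from
    # this block.
    from django.utils.html import escape

    # Fetch the AJAX parameters.
    iDisplayLength = int(request.GET['iDisplayLength'])
    sEcho = request.GET['sEcho']
    iDisplayStart = int(request.GET['iDisplayStart'])
    sSearch = request.GET['sSearch']
    sort_col = int(request.GET['iSortCol_0'])
    sort_dir = request.GET['sSortDir_0']

    # Column index -> sortable field; any other index leaves the order unset.
    order_query = {
        1: 'produced',
        2: 'package_name',
        3: 'package_id',
        4: 'version',
    }.get(sort_col)
    # 'desc' means descending order.
    if order_query is not None and sort_dir == 'desc':
        order_query = '-' + order_query

    # Communities matching the search term.
    s_input_communities = Communities.objects.filter(Q(name__icontains=sSearch))
    # Via choices matching the search term.
    s_via_choices = Vias.get_search_via_choices(sSearch)
    # Uploaders matching the search term.
    s_uploaders = [
        uploader.id
        for uploader in STIPUser.objects.filter(
            QQ(screen_name__icontains=sSearch) | QQ(username__icontains=sSearch))
    ]
    # Vias matching the search term: via, uploader and adapter_name are searched.
    s_vias = Vias.objects.filter(
        Q(via__in=s_via_choices) |
        Q(uploader__in=s_uploaders) |
        Q(adapter_name__icontains=sSearch))

    # Run the search.
    objects = StixFiles.objects.filter(
        Q(package_name__icontains=sSearch) |
        Q(package_id__icontains=sSearch) |
        Q(version__icontains=sSearch) |
        Q(input_community__in=s_input_communities) |
        Q(via__in=s_vias)
    ).order_by(order_query)

    # Extract the rows in the requested display range.
    aaData = []
    for d in objects[iDisplayStart:(iDisplayStart + iDisplayLength)]:
        file_id = escape(d.id)
        version = escape(d.version)

        row = []
        row.append('<input type="checkbox" file_id="%s"/ class="delete-checkbox">' % (file_id))
        row.append(d.produced.strftime('%Y/%m/%d %H:%M:%S'))
        # NOTE(review): the plain cells below are passed through unchanged.
        # If the client inserts cell values as HTML they need escaping on the
        # client or here -- confirm against the DataTables column setup.
        row.append(d.package_name)
        row.append(d.package_id)
        row.append(d.version)
        try:
            row.append(d.input_community.name)
        except DoesNotExist:
            # The community is missing, e.g. because it was deleted.
            row.append('<deleted>')
        row.append(d.via.get_via_display())
        row.append(d.via.get_uploader_screen_name())

        # Download links: the original plus one converted version.
        link_str = '<a href="/list/download?id=%s&version=%s">Original (%s)</a> ' % (file_id, version, version)
        if d.version != '2.0':
            link_str += '<a href="/list/download?id=%s&version=2.0">Converted (2.0)</a>' % (file_id)
        else:
            link_str += '<a href="/list/download?id=%s&version=1.2">Converted (1.2)</a>' % (file_id)
        row.append(link_str)

        row.append('<a><span class="glyphicon glyphicon-share-alt publish-share-alt-icon" file_id="%s" title="Publish to.."></span></a>' % (file_id))

        # The MISP import icon is offered for STIX 1.x files only.
        if d.version.startswith('1.'):
            misp_cell = '<a><span class="glyphicon glyphicon-export misp-import-icon" package_id="%s" title="Import into MISP .."></span></a>' % (escape(d.package_id))
        else:
            misp_cell = '<span class="glyphicon glyphicon-remove-sign"></span>'
        row.append(misp_cell)
        aaData.append(row)

    resp = {
        'iTotalRecords': StixFiles.objects.count(),
        'iTotalDisplayRecords': objects.count(),
        # Echoed back exactly as received; it is only JSON-encoded here.
        'sEcho': sEcho,
        'aaData': aaData,
    }
    return JsonResponse(resp)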
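def collections_objects(request, id_):
    """Serve the objects endpoint of the three test collections.

    After check_common_authorization() passes, the collection id decides
    what is allowed:

    * READ_COLLECTION: GET only, Accept header checked, returns the stored
      content via get_read_collection_content().
    * WRITE_COLLECTION: POST only, size and Accept checked, the body goes to
      post_write_collection() and the reply has status 202.
    * READ_WRITE_COLLECTION: GET reads, POST writes (size checked).
    * any other id: 404 with an error document naming the id.

    Rejections use status 406 with the body from get_no_accept_json_data().

    The size check previously raised on a POST without a usable
    Content-Length value; the declared length is now read defensively and
    the actual body length is used when the header is missing or not an
    integer. The unreachable trailing return was dropped.
    """

    def reject(reason):
        rejection = JsonResponse(
            get_no_accept_json_data(reason),
            safe=False,
            content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
        rejection.status_code = 406
        return rejection

    def accept_rejection():
        # Returns a 406 response when the Accept header is absent or refused,
        # else None. A True result from check_http_accept() means "reject".
        if 'HTTP_ACCEPT' not in request.META:
            debug_print('>>>No HTTP_ACCEPT.')
            return reject('No Accept')
        if check_http_accept(request) == True:
            debug_print('>>>HTTP_ACCEPT Invalid:' + str(request.META['HTTP_ACCEPT']))
            return reject('Invalid Accept')
        return None

    def oversize_rejection():
        # Returns a 406 response when the request exceeds MAX_CONTENT_LENGTH,
        # else None. The header value is supplied by the client, so it is
        # parsed defensively instead of being indexed and cast directly.
        try:
            size = int(request.META.get('CONTENT_LENGTH'))
        except (TypeError, ValueError):
            size = len(request.body)
        if size > MAX_CONTENT_LENGTH:
            debug_print('>>>Too much content size:' + str(size))
            return reject('Too much content size')
        return None

    def accepted_write():
        accepted = JsonResponse(
            post_write_collection(request.body),
            safe=False,
            content_type=RESPONSE_CONTENT_TYPE_TAXII_JSON)
        accepted.status_code = 202
        return accepted

    debug_print('>>>collections_objects enter')
    debug_print('>>>id_ :' + str(id_))

    # Authenticate check: runs before anything else in this view.
    auth_failure = check_common_authorization(request)
    if auth_failure is not None:
        debug_print('>>>Invalid Authentication.')
        return auth_failure

    if id_ == READ_COLLECTION:
        debug_print('>>>Read Collection.')
        # Anything other than GET is refused on the read collection.
        if request.method != 'GET':
            debug_print('>>>Invalid HTTP Method:' + str(request.method))
            return reject('Invalid HTTP method')
        refusal = accept_rejection()
        if refusal is not None:
            return refusal
        return get_read_collection_content()

    if id_ == WRITE_COLLECTION:
        debug_print('>>>Write Collection.')
        # Anything other than POST is refused on the write collection.
        if request.method != 'POST':
            debug_print('>>>Invalid HTTP Method:' + str(request.method))
            return reject('Invalid HTTP method')
        refusal = oversize_rejection()
        if refusal is not None:
            return refusal
        refusal = accept_rejection()
        if refusal is not None:
            return refusal
        return accepted_write()

    if id_ == READ_WRITE_COLLECTION:
        debug_print('>>>ReadWrite Collection.')
        # NOTE(review): unlike the two branches above, neither method on the
        # read-write collection checks the Accept header -- confirm whether
        # that is intended.
        if request.method == 'GET':
            return get_read_collection_content()
        if request.method == 'POST':
            refusal = oversize_rejection()
            if refusal is not None:
                return refusal
            return accepted_write()
        debug_print('>>>Invalid HTTP Method:' + str(request.method))
        return reject('Invalid HTTP method')

    # Unmatched collection id.
    debug_print('>>>Unmatched Collection:' + str(id_))
    not_found_body = {
        'title': 'Incorrect Collection Get',
        'description': 'An incorrect URL for a collection was accessed',
        'error_id': 'To be determined',
        'error_code': 'To be determined',
        'http_status': '404',
        'external_details': 'To be determined',
        "details": {
            "collection": id_,
        }
    }
    not_found = JsonResponse(
        not_found_body,
        safe=False,
        content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
    not_found.status_code = 404
    return not_found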
def collections(request, id_):
    """Describe one of the three test collections, or answer 404.

    Checks run in this order: HTTP method (GET only),
    check_common_authorization(), presence of an Accept header, then the
    check_http_accept() verdict. Method and Accept failures are answered
    with status 406 and the body from get_no_accept_json_data().

    NOTE(review): the method check runs before authorization here, so the
    'Invalid HTTP method' response is reachable without credentials.
    """

    def reject(reason):
        rejection = JsonResponse(
            get_no_accept_json_data(reason),
            safe=False,
            content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
        rejection.status_code = 406
        return rejection

    def describe(title, description, can_read, can_write):
        return {
            'id': id_,
            'title': title,
            'description': description,
            'can_read': can_read,
            'can_write': can_write,
            'media_types': [COLLECTION_MEDIA_TYPE],
        }

    debug_print('>>>collections enter')
    debug_print('>>>id_ :' + str(id_))

    # Method check.
    if request.method != 'GET':
        debug_print('>>>Invalid HTTP method:' + str(request.method))
        return reject('Invalid HTTP method')

    # Authenticate check: a non-None result is the response to send back.
    auth_failure = check_common_authorization(request)
    if auth_failure is not None:
        debug_print('>>>Invalid Authentication.')
        return auth_failure

    # Accept check. A True result from check_http_accept() means "reject".
    if 'HTTP_ACCEPT' not in request.META:
        debug_print('>>>No HTTP_ACCEPT.')
        return reject('No Accept')
    if check_http_accept(request) == True:
        debug_print('>>>HTTP_ACCEPT Invalid:' + str(request.META['HTTP_ACCEPT']))
        return reject('Invalid Accept')

    if id_ == READ_COLLECTION:
        data = describe('Test Read Collection', 'This is Test Read Collection', True, False)
    elif id_ == WRITE_COLLECTION:
        data = describe('Test Write Collection', 'This is Test Write Collection', False, True)
    elif id_ == READ_WRITE_COLLECTION:
        data = describe('Test Read Write Collection', 'This is Test Read Write Collection', True, True)
    else:
        # Unmatched collection id: the error document carries the request path.
        debug_print('>>>unmatched collection id:' + str(id_))
        not_found_body = {
            'title': 'Incorrect Collection Get',
            'description': 'An incorrect URL for a collection was accessed',
            'error_id': 'To be determined',
            'error_code': 'To be determined',
            'http_status': '404',
            'external_details': 'To be determined',
            "details": {
                "collection": request.path,
            }
        }
        not_found = JsonResponse(
            not_found_body,
            safe=False,
            content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
        not_found.status_code = 404
        return not_found

    return JsonResponse(
        data,
        safe=False,
        content_type=RESPONSE_CONTENT_TYPE_TAXII_JSON)
def collections_root(request):
    """List the three test collections (read, write, read-write).

    Checks run in this order: HTTP method (GET only),
    check_common_authorization(), presence of an Accept header, then the
    check_http_accept() verdict. Method and Accept failures are answered
    with status 406 and the body from get_no_accept_json_data().

    NOTE(review): the method check runs before authorization here, so the
    'Invalid HTTP method' response is reachable without credentials.
    """

    def reject(reason):
        rejection = JsonResponse(
            get_no_accept_json_data(reason),
            safe=False,
            content_type=RESPONSE_CONTENT_TYPE_STIX_JSON)
        rejection.status_code = 406
        return rejection

    # The log label below says "collections", not "collections_root".
    debug_print('>>>collections enter')

    # Method check.
    if request.method != 'GET':
        debug_print('>>>Invalid HTTP method:' + str(request.method))
        return reject('Invalid HTTP method')

    # Authenticate check: a non-None result is the response to send back.
    auth_failure = check_common_authorization(request)
    if auth_failure is not None:
        debug_print('>>>Invalid Authentication.')
        return auth_failure

    # Accept check. A True result from check_http_accept() means "reject".
    if 'HTTP_ACCEPT' not in request.META:
        debug_print('>>>No HTTP_ACCEPT.')
        return reject('No Accept')
    if check_http_accept(request) == True:
        debug_print('>>>HTTP_ACCEPT Invalid:' + str(request.META['HTTP_ACCEPT']))
        return reject('Invalid Accept')

    # (id, title, description, can_read, can_write) per collection.
    specs = (
        (READ_COLLECTION, 'Test Read Collection', 'This is Test Read Collection', True, False),
        (WRITE_COLLECTION, 'Test Write Collection', 'This is Test Write Collection', False, True),
        (READ_WRITE_COLLECTION, 'Test Read Write Collection', 'This is Test Read Write Collection', True, True),
    )
    listing = [
        {
            'id': collection_id,
            'title': title,
            'description': description,
            'can_read': readable,
            'can_write': writable,
            'media_types': [COLLECTION_MEDIA_TYPE],
        }
        for collection_id, title, description, readable, writable in specs
    ]
    return JsonResponse(
        {'collections': listing},
        safe=False,
        content_type=RESPONSE_CONTENT_TYPE_TAXII_JSON)